authorAbhishek Koneru <akoneru@redhat.com>2014-08-28 19:05:36 -0400
committerAbhishek Koneru <akoneru@redhat.com>2014-08-29 11:24:48 -0400
commita4c36d953281967d653ef8a1d33dae6a8ba34a77 (patch)
tree5f611a5d32899c785b7d2f06eee590dd57d3df84
parenta7f8076a5f20812eceac31f7230e4156adf74471 (diff)
Makes output of secrets consistent for all clients.
All secrets/keys retrieved through the client APIs, whether by the Java or the Python client, will be of type byte array. This applies to the output of the retrieveKey method and to the public key attribute of the KeyInfo object.
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyClient.java2
-rw-r--r--base/common/src/com/netscape/certsrv/key/KeyInfo.java31
-rw-r--r--base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java3
-rw-r--r--base/kra/functional/drmtest.py5
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java10
-rw-r--r--base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java10
6 files changed, 36 insertions, 25 deletions
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index 262a33d8f..ade3765a9 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -725,7 +725,7 @@ public class KeyClient extends Client {
* For RSA, JSS accepts key sizes that fall in this set of values:
* {256 + (16 * n), where 0 <= n <= 1008
*
- * For DSA, JSS accepts key sizes 512, 768, 1024 only when there are no p,q,g params specified.
+ * For DSA, JSS accepts key sizes 512, 768, 1024 only, when there are no p,q,g params specified.
*/
if (keyAlgorithm.equals(KeyRequestResource.RSA_ALGORITHM)) {
if (keySize >= 256) {
diff --git a/base/common/src/com/netscape/certsrv/key/KeyInfo.java b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
index 71a858e6b..204cac493 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyInfo.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
@@ -27,6 +27,7 @@ import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.cmsutil.util.Utils;
/**
* @author alee
@@ -55,7 +56,7 @@ public class KeyInfo {
protected String ownerName;
@XmlElement
- protected String publicKey;
+ private String publicKey;
public KeyInfo() {
// required for JAXB (defaults)
@@ -129,11 +130,31 @@ public class KeyInfo {
this.ownerName = ownerName;
}
- public String getPublicKey() {
- return publicKey;
+ /**
+ * Converts the stored base64 encoded public key to a byte
+ * array and returns that value. Returns null, if public key is null.
+ *
+ * @return public key - as a byte array
+ */
+ public byte[] getPublicKey() {
+ if (publicKey != null) {
+ return Utils.base64decode(publicKey);
+ }
+ return null;
}
- public void setPublicKey(String publicKey) {
- this.publicKey = publicKey;
+ /**
+ * Sets the binary data of the public key in a
+ * base64 encoded string format.
+ *
+ * @param publicKey - if null, getPublicKey returns null.
+ */
+ public void setPublicKey(byte[] publicKey) {
+ if (publicKey != null) {
+ this.publicKey = Utils.base64encode(publicKey);
+ } else {
+ this.publicKey = null;
+ }
}
+
}
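Review bot: `getPublicKey()` now base64-decodes, on every call, a string that the `@XmlElement`-annotated field receives directly from the unmarshalled response, yet the new Javadoc documents only the null case. How `Utils.base64decode` treats malformed or empty input is not visible in this diff; whatever it does (throw, return null, return a partial array) should be stated in the `@return` text so that callers passing the result on, such as `isKeyPairValid` in DRMTest, know what to expect. The return type change from `String` to `byte[]` also breaks any caller outside this patch that still treats the value as text, and the field going from `protected` to `private` does the same for subclasses, so both deserve a mention in the release notes.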
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
index c6bb6933d..12bb1808a 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
@@ -26,6 +26,7 @@ import com.netscape.certsrv.system.SystemCertClient;
import com.netscape.certsrv.util.NSSCryptoProvider;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import com.netscape.cmsutil.util.Utils;
/**
* @author Endi S. Dewata
@@ -97,7 +98,7 @@ public class KeyCLI extends CLI {
// Print out the Base64 encoded public key in the form of a blob,
// where the max line length is 64.
System.out.println(" Public Key: \n");
- String publicKey = info.getPublicKey();
+ String publicKey = Utils.base64encode(info.getPublicKey());
int i = 0;
for(i=0;i<publicKey.length()/64;i++){
System.out.println(publicKey.substring(i*64, i*64 + 64));
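Review bot: The 64-column chunking loop after `Utils.base64encode(info.getPublicKey())` is kept here, while this same commit drops the equivalent loop in DRMTest and logs the encoded string as-is. If `Utils.base64encode` already inserts line breaks (not visible in this diff), the loop will slice across them and print uneven lines; either print the string directly as DRMTest now does, or strip whitespace before chunking. `info.getPublicKey()` can also return null per the new KeyInfo Javadoc and no null check is visible in this hunk; the enclosing method starts and ends outside it, so a guard may already exist above.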
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
index 4d65955f9..8653763c1 100644
--- a/base/kra/functional/drmtest.py
+++ b/base/kra/functional/drmtest.py
@@ -60,9 +60,8 @@ def print_key_info(key_info):
if key_info.public_key is not None:
print "Public key: "
print
- pub_key = str(key_info.public_key)
- for i in range(0, len(pub_key), 64):
- print pub_key[i:i+64]
+ pub_key = base64.encodestring(key_info.public_key)
+ print pub_key
def print_key_data(key_data):
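Review bot: `base64.encodestring(key_info.public_key)` is called here, but the patch adds no `import base64` to drmtest.py; the diffstat counts only these five changed lines for the file. The call therefore works only if the module already imports `base64` above line 60, which is not visible in this hunk. It is worth confirming, because a missing import would surface as a NameError only when a key that actually carries a public key is printed.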
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 1b96c1809..720bba2b9 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -693,7 +693,7 @@ public class DRMTest {
}
// Test 33: Verify the generated key pair.
- if (isKeyPairValid(algs[i], keyData.getData(), Utils.base64decode(info.getPublicKey()))) {
+ if (isKeyPairValid(algs[i], keyData.getData(), info.getPublicKey())) {
log("The key pair generated using " + algs[i] + " algorithm is valid.");
} else {
log("The key pair generated using " + algs[i] + " algorithm is invalid.");
@@ -750,12 +750,8 @@ public class DRMTest {
log("Status: " + keyInfo.getStatus());
if (keyInfo.getPublicKey() != null) {
log("Public Key: ");
- String publicKey = keyInfo.getPublicKey();
- int i = 0;
- for (i = 0; i < publicKey.length() / 64; i++) {
- log(publicKey.substring(i * 64, i * 64 + 64));
- }
- log(publicKey.substring(i * 64));
+ String publicKey = Utils.base64encode(keyInfo.getPublicKey());
+ log(publicKey);
}
}
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index ecf3b0398..56c6f4c6e 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
@@ -19,7 +19,6 @@
package org.dogtagpki.server.kra.rest;
-import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.util.ArrayList;
@@ -70,7 +69,6 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.PKIService;
import com.netscape.cms.servlet.key.KeyRequestDAO;
-import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.ldap.LDAPUtil;
import com.netscape.cmsutil.util.Utils;
@@ -440,12 +438,8 @@ public class KeyService extends PKIService implements KeyResource {
ret.setAlgorithm(rec.getAlgorithm());
ret.setSize(rec.getKeySize());
ret.setOwnerName(rec.getOwnerName());
- if(rec.getPublicKeyData() != null && getPublicKey){
- try {
- ret.setPublicKey(CryptoUtil.base64Encode(rec.getPublicKeyData()));
- } catch (IOException e) {
- throw new EBaseException(e.getMessage());
- }
+ if (rec.getPublicKeyData() != null && getPublicKey) {
+ ret.setPublicKey(rec.getPublicKeyData());
}
Path keyPath = KeyResource.class.getAnnotation(Path.class);
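Review bot: The public key in the response is now encoded by `Utils.base64encode` inside `KeyInfo.setPublicKey` rather than by `CryptoUtil.base64Encode`, and nothing in this diff shows that the two produce the same text (line wrapping, trailing newline). Clients built before this commit read `publicKey` as a plain string, so any difference changes what they display or compare. A short comment at the call, such as `// KeyInfo stores this base64-encoded; the wire format stays a string`, together with a check that both encoders agree on a sample key, would make the compatibility intent explicit. The enclosing method starts and ends outside the hunk.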